Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?

[Iljitsch van Beijnum <iljitsch@muada.com>]

On 3 nov 2003, at 17:44, Erik Nordmark wrote:

> But, based on the MIPv6 model, one could also envision a weak but time 
> limited
> verification that builds on some earlier verification (whether the 
> earlier
> verification was weak or strong).

No, this is no good at all. In multihoming, when a line goes down it 
may not come back up again. Ever.

> For instance, if the peer shows that it knows a clear-text random 
> number
> which was exchanged during the earlier verification, then it
> might be reasonable to allow redirection to a new locator *for a 
> limited time*.

This is susceptible to a "man listening at the sidelines" attack. 
That's a relatively common capability. However, we can do better than 
this with by adding some hashing and gradual release of previously 
secret information. This is only susceptible to actual man in the 
middle attacks, but then so is everything else, as a MITM can always 
blackhole traffic if nothing else.